##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
permissions: handle more cases for invalidating permission caches...
marcink -
r3411:2e06ebce stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -159,6 +159,7 b' class AdminRepoGroupsView(BaseAppView, D'
159 try:
159 try:
160 owner = self._rhodecode_user
160 owner = self._rhodecode_user
161 form_result = repo_group_form.to_python(dict(self.request.POST))
161 form_result = repo_group_form.to_python(dict(self.request.POST))
162 copy_permissions = form_result.get('group_copy_permissions')
162 repo_group = RepoGroupModel().create(
163 repo_group = RepoGroupModel().create(
163 group_name=form_result['group_name_full'],
164 group_name=form_result['group_name_full'],
164 group_description=form_result['group_description'],
165 group_description=form_result['group_description'],
@@ -201,7 +202,14 b' class AdminRepoGroupsView(BaseAppView, D'
201 % repo_group_name, category='error')
202 % repo_group_name, category='error')
202 raise HTTPFound(h.route_path('home'))
203 raise HTTPFound(h.route_path('home'))
203
204
204 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
205 affected_user_ids = [self._rhodecode_user.user_id]
206 if copy_permissions:
207 user_group_perms = repo_group.permissions(expand_from_user_groups=True)
208 copy_perms = [perm['user_id'] for perm in user_group_perms]
209 # also include those newly created by copy
210 affected_user_ids.extend(copy_perms)
211 events.trigger(events.UserPermissionsChange(affected_user_ids))
212
205 raise HTTPFound(
213 raise HTTPFound(
206 h.route_path('repo_group_home',
214 h.route_path('repo_group_home',
207 repo_group_name=form_result['group_name_full']))
215 repo_group_name=form_result['group_name_full']))
Show file before | Show file after | Hide comments
@@ -146,14 +146,14 b' class AdminReposView(BaseAppView, DataGr'
146
146
147 form_result = {}
147 form_result = {}
148 self._load_form_data(c)
148 self._load_form_data(c)
149 task_id = None
149
150 try:
150 try:
151 # CanWriteToGroup validators checks permissions of this POST
151 # CanWriteToGroup validators checks permissions of this POST
152 form = RepoForm(
152 form = RepoForm(
153 self.request.translate, repo_groups=c.repo_groups_choices,
153 self.request.translate, repo_groups=c.repo_groups_choices,
154 landing_revs=c.landing_revs_choices)()
154 landing_revs=c.landing_revs_choices)()
155 form_result = form.to_python(dict(self.request.POST))
155 form_result = form.to_python(dict(self.request.POST))
156
156 copy_permissions = form_result.get('repo_copy_permissions')
157 # create is done sometimes async on celery, db transaction
157 # create is done sometimes async on celery, db transaction
158 # management is handled there.
158 # management is handled there.
159 task = RepoModel().create(form_result, self._rhodecode_user.user_id)
159 task = RepoModel().create(form_result, self._rhodecode_user.user_id)
@@ -176,9 +176,19 b' class AdminReposView(BaseAppView, DataGr'
176 h.flash(msg, category='error')
176 h.flash(msg, category='error')
177 raise HTTPFound(h.route_path('home'))
177 raise HTTPFound(h.route_path('home'))
178
178
179 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
179 repo_name = form_result.get('repo_name_full')
180
181 affected_user_ids = [self._rhodecode_user.user_id]
182 if copy_permissions:
183 repository = Repository.get_by_repo_name(repo_name)
184 # also include those newly created by copy
185 user_group_perms = repository.permissions(expand_from_user_groups=True)
186 copy_perms = [perm['user_id'] for perm in user_group_perms]
187 # also include those newly created by copy
188 affected_user_ids.extend(copy_perms)
189
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
180
191
181 raise HTTPFound(
192 raise HTTPFound(
182 h.route_path('repo_creating',
193 h.route_path('repo_creating', repo_name=repo_name,
183 repo_name=form_result['repo_name_full'],
184 _query=dict(task_id=task_id)))
194 _query=dict(task_id=task_id)))
Show file before | Show file after | Hide comments
@@ -28,6 +28,7 b' from pyramid.view import view_config'
28 from pyramid.renderers import render
28 from pyramid.renderers import render
29 from pyramid.response import Response
29 from pyramid.response import Response
30
30
31 from rhodecode import events
31 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
32 from rhodecode.apps._base import BaseAppView, DataGridAppView, UserAppView
32 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
33 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
33 from rhodecode.authentication.plugins import auth_rhodecode
34 from rhodecode.authentication.plugins import auth_rhodecode
@@ -573,6 +574,7 b' class UsersView(UserAppView):'
573 # audit_log.store_web('user.edit.permissions')
574 # audit_log.store_web('user.edit.permissions')
574
575
575 Session().commit()
576 Session().commit()
577
576 h.flash(_('User global permissions updated successfully'),
578 h.flash(_('User global permissions updated successfully'),
577 category='success')
579 category='success')
578
580
@@ -593,6 +595,9 b' class UsersView(UserAppView):'
593 log.exception("Exception during permissions saving")
595 log.exception("Exception during permissions saving")
594 h.flash(_('An error occurred during permissions saving'),
596 h.flash(_('An error occurred during permissions saving'),
595 category='error')
597 category='error')
598
599 affected_user_ids = [user_id]
600 events.trigger(events.UserPermissionsChange(affected_user_ids))
596 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
601 raise HTTPFound(h.route_path('user_edit_global_perms', user_id=user_id))
597
602
598 @LoginRequired()
603 @LoginRequired()
Show file before | Show file after | Hide comments
@@ -180,10 +180,14 b' class RepoGroupSettingsView(RepoGroupApp'
180
180
181 name_changed = old_repo_group_name != new_repo_group_name
181 name_changed = old_repo_group_name != new_repo_group_name
182 if name_changed:
182 if name_changed:
183 current_perms = self.db_repo_group.permissions(expand_from_user_groups=True)
184 affected_user_ids = [perm['user_id'] for perm in current_perms]
185
186 # NOTE(marcink): also add owner maybe it has changed
183 owner = User.get_by_username(schema_data['repo_group_owner'])
187 owner = User.get_by_username(schema_data['repo_group_owner'])
184 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
188 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
185 events.trigger(events.UserPermissionsChange([
189 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
186 self._rhodecode_user.user_id, owner_id]))
190 events.trigger(events.UserPermissionsChange(affected_user_ids))
187
191
188 raise HTTPFound(
192 raise HTTPFound(
189 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
193 h.route_path('edit_repo_group', repo_group_name=new_repo_group_name))
Show file before | Show file after | Hide comments
@@ -224,6 +224,7 b' class RepoForksView(RepoAppView, DataGri'
224 task_id = None
224 task_id = None
225 try:
225 try:
226 form_result = _form.to_python(post_data)
226 form_result = _form.to_python(post_data)
227 copy_permissions = form_result.get('copy_permissions')
227 # create fork is done sometimes async on celery, db transaction
228 # create fork is done sometimes async on celery, db transaction
228 # management is handled there.
229 # management is handled there.
229 task = RepoModel().create_fork(
230 task = RepoModel().create_fork(
@@ -246,18 +247,24 b' class RepoForksView(RepoAppView, DataGri'
246 return Response(html)
247 return Response(html)
247 except Exception:
248 except Exception:
248 log.exception(
249 log.exception(
249 u'Exception while trying to fork the repository %s',
250 u'Exception while trying to fork the repository %s', self.db_repo_name)
250 self.db_repo_name)
251 msg = _('An error occurred during repository forking %s') % (self.db_repo_name, )
251 msg = (
252 _('An error occurred during repository forking %s') % (
253 self.db_repo_name, ))
254 h.flash(msg, category='error')
252 h.flash(msg, category='error')
253 raise HTTPFound(h.route_path('home'))
255
254
256 repo_name = form_result.get('repo_name_full', self.db_repo_name)
255 repo_name = form_result.get('repo_name_full', self.db_repo_name)
257
256
258 events.trigger(events.UserPermissionsChange([self._rhodecode_user.user_id]))
257 affected_user_ids = [self._rhodecode_user.user_id]
258 if copy_permissions:
259 repository = Repository.get_by_repo_name(repo_name)
260 # also include those newly created by copy
261 user_group_perms = repository.permissions(expand_from_user_groups=True)
262 copy_perms = [perm['user_id'] for perm in user_group_perms]
263 # also include those newly created by copy
264 affected_user_ids.extend(copy_perms)
265
266 events.trigger(events.UserPermissionsChange(affected_user_ids))
259
267
260 raise HTTPFound(
268 raise HTTPFound(
261 h.route_path('repo_creating',
269 h.route_path('repo_creating', repo_name=repo_name,
262 repo_name=repo_name,
263 _query=dict(task_id=task_id)))
270 _query=dict(task_id=task_id)))
Show file before | Show file after | Hide comments
@@ -168,8 +168,8 b' class RepoSettingsView(RepoAppView):'
168
168
169 Session().commit()
169 Session().commit()
170
170
171 h.flash(_('Repository `{}` updated successfully').format(
171 h.flash(_('Repository `{}` updated successfully').format(old_repo_name),
172 old_repo_name), category='success')
172 category='success')
173 except Exception:
173 except Exception:
174 log.exception("Exception during update of repository")
174 log.exception("Exception during update of repository")
175 h.flash(_('Error occurred during update of repository {}').format(
175 h.flash(_('Error occurred during update of repository {}').format(
@@ -177,10 +177,14 b' class RepoSettingsView(RepoAppView):'
177
177
178 name_changed = old_repo_name != new_repo_name
178 name_changed = old_repo_name != new_repo_name
179 if name_changed:
179 if name_changed:
180 current_perms = self.db_repo.permissions(expand_from_user_groups=True)
181 affected_user_ids = [perm['user_id'] for perm in current_perms]
182
183 # NOTE(marcink): also add owner maybe it has changed
180 owner = User.get_by_username(schema_data['repo_owner'])
184 owner = User.get_by_username(schema_data['repo_owner'])
181 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
185 owner_id = owner.user_id if owner else self._rhodecode_user.user_id
182 events.trigger(events.UserPermissionsChange([
186 affected_user_ids.extend([self._rhodecode_user.user_id, owner_id])
183 self._rhodecode_user.user_id, owner_id]))
187 events.trigger(events.UserPermissionsChange(affected_user_ids))
184
188
185 raise HTTPFound(
189 raise HTTPFound(
186 h.route_path('edit_repo', repo_name=new_repo_name))
190 h.route_path('edit_repo', repo_name=new_repo_name))
Show file before | Show file after | Hide comments
@@ -959,12 +959,14 b' class User(Base, BaseModel):'
959 return user
959 return user
960
960
961 @classmethod
961 @classmethod
962 def get_all_super_admins(cls):
962 def get_all_super_admins(cls, only_active=False):
963 """
963 """
964 Returns all admin accounts sorted by username
964 Returns all admin accounts sorted by username
965 """
965 """
966 return User.query().filter(User.admin == true())\
966 qry = User.query().filter(User.admin == true()).order_by(User.username.asc())
967 .order_by(User.username.asc()).all()
967 if only_active:
968 qry = qry.filter(User.active == true())
969 return qry.all()
968
970
969 @classmethod
971 @classmethod
970 def get_default_user(cls, cache=False, refresh=False):
972 def get_default_user(cls, cache=False, refresh=False):
@@ -1390,7 +1392,8 b' class UserGroup(Base, BaseModel):'
1390 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1392 FromCache("sql_cache_short", "get_users_group_%s" % user_group_id))
1391 return user_group.get(user_group_id)
1393 return user_group.get(user_group_id)
1392
1394
1393 def permissions(self, with_admins=True, with_owner=True):
1395 def permissions(self, with_admins=True, with_owner=True,
1396 expand_from_user_groups=False):
1394 """
1397 """
1395 Permissions for user groups
1398 Permissions for user groups
1396 """
1399 """
@@ -1441,19 +1444,29 b' class UserGroup(Base, BaseModel):'
1441 # each group
1444 # each group
1442 perm_rows = sorted(perm_rows, key=display_user_sort)
1445 perm_rows = sorted(perm_rows, key=display_user_sort)
1443
1446
1444 return super_admin_rows + owner_row + perm_rows
1447 user_groups_rows = []
1445
1448 if expand_from_user_groups:
1446 def permission_user_groups(self):
1449 for ug in self.permission_user_groups(with_members=True):
1447 q = UserGroupUserGroupToPerm.query().filter(UserGroupUserGroupToPerm.target_user_group == self)
1450 for user_data in ug.members:
1451 user_groups_rows.append(user_data)
1452
1453 return super_admin_rows + owner_row + perm_rows + user_groups_rows
1454
1455 def permission_user_groups(self, with_members=False):
1456 q = UserGroupUserGroupToPerm.query()\
1457 .filter(UserGroupUserGroupToPerm.target_user_group == self)
1448 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1458 q = q.options(joinedload(UserGroupUserGroupToPerm.user_group),
1449 joinedload(UserGroupUserGroupToPerm.target_user_group),
1459 joinedload(UserGroupUserGroupToPerm.target_user_group),
1450 joinedload(UserGroupUserGroupToPerm.permission),)
1460 joinedload(UserGroupUserGroupToPerm.permission),)
1451
1461
1452 perm_rows = []
1462 perm_rows = []
1453 for _user_group in q.all():
1463 for _user_group in q.all():
1454 usr = AttributeDict(_user_group.user_group.get_dict())
1464 entry = AttributeDict(_user_group.user_group.get_dict())
1455 usr.permission = _user_group.permission.permission_name
1465 entry.permission = _user_group.permission.permission_name
1456 perm_rows.append(usr)
1466 if with_members:
1467 entry.members = [x.user.get_dict()
1468 for x in _user_group.users_group.members]
1469 perm_rows.append(entry)
1457
1470
1458 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1471 perm_rows = sorted(perm_rows, key=display_user_group_sort)
1459 return perm_rows
1472 return perm_rows
@@ -1928,7 +1941,8 b' class Repository(Base, BaseModel):'
1928 from rhodecode.lib.utils import make_db_config
1941 from rhodecode.lib.utils import make_db_config
1929 return make_db_config(clear_session=False, repo=self)
1942 return make_db_config(clear_session=False, repo=self)
1930
1943
1931 def permissions(self, with_admins=True, with_owner=True):
1944 def permissions(self, with_admins=True, with_owner=True,
1945 expand_from_user_groups=False):
1932 """
1946 """
1933 Permissions for repositories
1947 Permissions for repositories
1934 """
1948 """
@@ -1986,20 +2000,29 b' class Repository(Base, BaseModel):'
1986 # each group
2000 # each group
1987 perm_rows = sorted(perm_rows, key=display_user_sort)
2001 perm_rows = sorted(perm_rows, key=display_user_sort)
1988
2002
1989 return super_admin_rows + owner_row + perm_rows
2003 user_groups_rows = []
1990
2004 if expand_from_user_groups:
1991 def permission_user_groups(self):
2005 for ug in self.permission_user_groups(with_members=True):
1992 q = UserGroupRepoToPerm.query().filter(
2006 for user_data in ug.members:
1993 UserGroupRepoToPerm.repository == self)
2007 user_groups_rows.append(user_data)
2008
2009 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2010
2011 def permission_user_groups(self, with_members=True):
2012 q = UserGroupRepoToPerm.query()\
2013 .filter(UserGroupRepoToPerm.repository == self)
1994 q = q.options(joinedload(UserGroupRepoToPerm.repository),
2014 q = q.options(joinedload(UserGroupRepoToPerm.repository),
1995 joinedload(UserGroupRepoToPerm.users_group),
2015 joinedload(UserGroupRepoToPerm.users_group),
1996 joinedload(UserGroupRepoToPerm.permission),)
2016 joinedload(UserGroupRepoToPerm.permission),)
1997
2017
1998 perm_rows = []
2018 perm_rows = []
1999 for _user_group in q.all():
2019 for _user_group in q.all():
2000 usr = AttributeDict(_user_group.users_group.get_dict())
2020 entry = AttributeDict(_user_group.users_group.get_dict())
2001 usr.permission = _user_group.permission.permission_name
2021 entry.permission = _user_group.permission.permission_name
2002 perm_rows.append(usr)
2022 if with_members:
2023 entry.members = [x.user.get_dict()
2024 for x in _user_group.users_group.members]
2025 perm_rows.append(entry)
2003
2026
2004 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2027 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2005 return perm_rows
2028 return perm_rows
@@ -2641,7 +2664,8 b' class RepoGroup(Base, BaseModel):'
2641 self.parent_group else [])
2664 self.parent_group else [])
2642 return RepoGroup.url_sep().join(path_prefix + [group_name])
2665 return RepoGroup.url_sep().join(path_prefix + [group_name])
2643
2666
2644 def permissions(self, with_admins=True, with_owner=True):
2667 def permissions(self, with_admins=True, with_owner=True,
2668 expand_from_user_groups=False):
2645 """
2669 """
2646 Permissions for repository groups
2670 Permissions for repository groups
2647 """
2671 """
@@ -2692,20 +2716,29 b' class RepoGroup(Base, BaseModel):'
2692 # each group
2716 # each group
2693 perm_rows = sorted(perm_rows, key=display_user_sort)
2717 perm_rows = sorted(perm_rows, key=display_user_sort)
2694
2718
2695 return super_admin_rows + owner_row + perm_rows
2719 user_groups_rows = []
2696
2720 if expand_from_user_groups:
2697 def permission_user_groups(self):
2721 for ug in self.permission_user_groups(with_members=True):
2698 q = UserGroupRepoGroupToPerm.query().filter(
2722 for user_data in ug.members:
2699 UserGroupRepoGroupToPerm.group == self)
2723 user_groups_rows.append(user_data)
2724
2725 return super_admin_rows + owner_row + perm_rows + user_groups_rows
2726
2727 def permission_user_groups(self, with_members=False):
2728 q = UserGroupRepoGroupToPerm.query()\
2729 .filter(UserGroupRepoGroupToPerm.group == self)
2700 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2730 q = q.options(joinedload(UserGroupRepoGroupToPerm.group),
2701 joinedload(UserGroupRepoGroupToPerm.users_group),
2731 joinedload(UserGroupRepoGroupToPerm.users_group),
2702 joinedload(UserGroupRepoGroupToPerm.permission),)
2732 joinedload(UserGroupRepoGroupToPerm.permission),)
2703
2733
2704 perm_rows = []
2734 perm_rows = []
2705 for _user_group in q.all():
2735 for _user_group in q.all():
2706 usr = AttributeDict(_user_group.users_group.get_dict())
2736 entry = AttributeDict(_user_group.users_group.get_dict())
2707 usr.permission = _user_group.permission.permission_name
2737 entry.permission = _user_group.permission.permission_name
2708 perm_rows.append(usr)
2738 if with_members:
2739 entry.members = [x.user.get_dict()
2740 for x in _user_group.users_group.members]
2741 perm_rows.append(entry)
2709
2742
2710 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2743 perm_rows = sorted(perm_rows, key=display_user_group_sort)
2711 return perm_rows
2744 return perm_rows
General Comments 0
You need to be logged in to leave comments. Login now